
Firefox JavaScript Vulnerability Warning to Crypto Users

Firefox has assigned a critical, or top-level, threat rating to a vulnerability discovered by the Coinbase security team and Google security researcher Samuel D Gross. The mixing attack has been used in the past to attack cryptocurrency users.

A zero-day (also known as 0-day) vulnerability is a computer-software vulnerability that is unknown to, or unaddressed by, those who should be interested in mitigating the vulnerability (including the vendor of the target software). Until the vulnerability is mitigated, hackers can exploit it to adversely affect computer programs, data, additional computers or a network.

Experts have registered the vulnerability under the code number CVE-2019-11707. A similar problem occurred in the Mozilla Firefox browser back in 2016. A publication on the Firefox website stated:

“A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw.”

As a result of the critical threat, all Firefox users have been advised to update to the latest version, Mozilla Firefox 67.0.3, in which the problem has been fixed. In such situations, the vulnerability is generally hidden from the public and fixed immediately before being released publicly, due to its potential harm.

In a move to help improve security in the crypto-sphere, Firefox recently announced that all future versions of its web browser would automatically block crypto-jacking malware. The aim is to target the negative impacts of unchecked online tracking. Future web browsers will protect users by default from this, and offer users more advanced controls over what information of theirs is shared with third parties.

 

BitcoinNews is committed to unbiased news and upholding journalistic codes of ethics. For more information please read our Editorial Policy here.

Follow BitcoinNews on Twitter: @bitcoinnewscom

Telegram Alerts from BitcoinNews: https://t.me/bconews


The post Firefox JavaScript Vulnerability Warning to Crypto Users appeared first on BitcoinNews.com.

World Economic Forum: Cybersecurity Threatened by Poor Security, Not Hackers


The World Economic Forum (WEF) has produced a report claiming that data security breaches are more frequently the result of poor company security rather than because of clever hackers.

Although blockchain-based companies are targeted by hackers, the report found that exploitation of data was more often down to lax cybersecurity measures being implemented. It cited a major case in the breach of retail giant Target affecting 41 million consumers, which resulted in the firing of senior staff.

Other major companies were cited in the report regarding lax data protection security, including the United States Government Office of Personnel Management and Sony Pictures Entertainment (not the first involving that company), which also resulted in sackings at management level.

The WEF suggested that cybersecurity needs to become a priority and it should be led from the top, claiming that only 5% of the top 100 companies have a dedicated cybersecurity leader, and such leadership should be introduced to all blockchain and crypto companies with the power to instigate new measures in order to tackle security problems.

Last year, Japan was hit by a spate of in-browser cryptojacking from the spread of malicious software through emails or by other means. The malware was programmed to bleed the user’s processor to facilitate mining. The other predominant threat was through a popular script called Coinhive, which offered a JavaScript miner for the Monero Blockchain.

Earlier this year a large scale hack affecting 30 companies and a breach of 841 million records, inclusive of 450,000 records from cryptocurrency brokerage firm Coinmama, were posted on a dark web registry.

 


The post World Economic Forum: Cybersecurity Threatened by Poor Security, Not Hackers appeared first on BitcoinNews.com.

Websites Hit by Latest Wave of Cryptojacking

The website ‘Bad Packets Report’ has released a list of some 300 sites that have been compromised by “cryptojacking”, including Chinese hardware maker Lenovo.

Coindesk reports that the site’s security adviser, Troy Mursch, wrote last week that the compromised sites had been infected by hackers installing browser mining software which exploited an outdated version of Drupal, a content management system (CMS). The two vulnerabilities, CVE-2018-7600 and CVE-2018-7602, have left numerous websites vulnerable to hacks if they did not receive immediate updates.

Incidents of cryptojacking, defined as the secret use of one’s computing device to mine cryptocurrency, are currently on the rise. The hacking used to occur when the victim unknowingly installed a program on their computer which secretly mined cryptocurrency. Now, hackers are infecting websites with software that utilizes the victim’s computer power to mine cryptocurrency on the attackers’ behalf.

The list published by Mursch includes government and university portals as well as private companies, but it is not the first such alert. After a previous release by cyber-security firm Imperva, warning that Drupal sites were being hacked by ‘Kitty’, an in-browser cryptocurrency miner containing a file named ‘me0w.js’, it became clear that these sites were at risk.

Mursch explained why mining malware is currently rife:

“This is because Coinhive and other cryptojacking services (malware) are simply done with JavaScript. Every modern browser and device can run JavaScript, so as such, everybody can mine cryptocurrency and unfortunately Coinhive has been used and abused time and time again. [In] this particular case, Drupal users need to update [as soon as possible].”
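As an added example (not from the article, Bad Packets Report or Imperva), a site owner could scan their own page source for script tags that reference the two names given above, Coinhive and me0w.js. The sample page, its URLs and the `CoinHiveStub` call are constructed for illustration.

```javascript
// Added example: flag <script> tags that reference miner names from the article.
// The indicator list holds only the two names the article gives.
const INDICATORS = [
  { name: "Coinhive", pattern: /coinhive/i },
  { name: "Kitty (me0w.js)", pattern: /me0w\.js/i },
];

// Return one finding per (script tag, indicator) match in the given HTML text.
function findMinerScripts(html) {
  const findings = [];
  const scriptTag = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = scriptTag.exec(html)) !== null) {
    const attrs = m[1];
    const body = m[2];
    // src may be double-quoted, single-quoted or unquoted.
    const srcMatch = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(attrs);
    const src = srcMatch ? (srcMatch[1] ?? srcMatch[2] ?? srcMatch[3]) : null;
    // 1-based line number of the tag, for the report.
    const line = html.slice(0, m.index).split("\n").length;
    for (const { name, pattern } of INDICATORS) {
      if (src !== null && pattern.test(src)) {
        findings.push({ line, indicator: name, where: "src", value: src });
      } else if (pattern.test(body)) {
        findings.push({ line, indicator: name, where: "inline", value: body.trim().slice(0, 60) });
      }
    }
  }
  return findings;
}

// Constructed sample page: one benign script, one external and one inline hit.
const SAMPLE_PAGE = [
  "<html><head>",
  '<script src="/misc/jquery.js"></script>',
  '<script src="https://cdn.example.test/lib/me0w.js"></script>',
  "</head><body>",
  "<script>var m = CoinHiveStub('CONSTRUCTED-KEY'); m.start();</script>",
  "</body></html>",
].join("\n");

console.log(findMinerScripts(SAMPLE_PAGE));
```

A hit only shows that a miner script is referenced on the page; whether visitors agreed to it is a separate question.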

Not all Coinhive users are malicious, as Bitcoin News reported recently. UNICEF recently launched a project called ‘The Hope page’ in support of Rohingya refugees in Bangladesh, which used the crypto mining service to fund its project. In this case, users gave permission to UNICEF to mine the coin monero using donors’ computer power.

 


The post Websites Hit by Latest Wave of Cryptojacking appeared first on BitcoinNews.com.